
5048 matches found

NVD
added 2022/04/06 2:15 a.m. · 11 views

CVE-2021-30497

Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...

7.5 CVSS · 0.96438 EPSS
Exploits 1 · References 3
Prion
added 2022/04/06 2:15 a.m. · 16 views

Path traversal

Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...

5 CVSS · 7.4 AI score · 0.96438 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2022/04/06 12:0 a.m. · 3 views

VMware Horizon Link Following Vulnerability

VMware Horizon is a suite of foundation platforms for virtual desktops and applications from VMware. The product supports end users in accessing all their virtual desktops, applications and online services through a digital workspace. The VMware Horizon Client suffers from a backlink vulnerabilit...

7.8 CVSS · 7.4 AI score · 0.00288 EPSS
Exploits 0 · References 4
Fortinet
added 2022/04/05 12:0 a.m. · 52 views

FortiEDR - Denial of service due to folder access permission change

An improper control of a resource through its lifetime (CWE-664) vulnerability in FortiEDR Collector may allow a privileged attacker to make the application unresponsive via changing its root directory access permission...

2.1 CVSS · 5.2 AI score · 0.00208 EPSS
Exploits 0 · Affected Software 1
OSV
added 2022/04/04 4:15 p.m. · 2 views

CVE-2022-1166

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2
Cvelist
added 2022/04/04 3:36 p.m. · 22 views

CVE-2022-1166 JobMonster < 4.6.6.1 - Directory Listing in Upload Folder

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...

5.5 AI score · 0.01528 EPSS
Exploits 1 · References 2
OSV
added 2022/04/01 11:15 p.m. · 3 views

CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

7.5 CVSS · 5.8 AI score · 0.01024 EPSS
Exploits 0 · References 1
NVD
added 2022/04/01 11:15 p.m. · 10 views

CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

7.5 CVSS · 0.01024 EPSS
Exploits 0 · References 1
Prion
added 2022/04/01 11:15 p.m. · 17 views

Command injection

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

5 CVSS · 8.2 AI score · 0.01024 EPSS
Exploits 0 · References 1 · Affected Software 2
CVE
added 2022/04/01 10:17 p.m. · 79 views

CVE-2021-32937

MDT AutoSave vulnerability CVE-2021-32937 affects MDT AutoSave prior to 6.02.06 (and related A4SP versions). The issue is listed as Generation of Error Message Containing Sensitive Information, enabling an attacker to learn about a session temporary working folder via getfile/putfile commands and...

7.5 CVSS · 7.9 AI score · 0.01024 EPSS
Exploits 0 · References 1 · Affected Software 2
Github Security Blog
added 2022/04/01 12:0 a.m. · 25 views

Unrestricted Upload of File with Dangerous Type in WPanel 4

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

8.8 CVSS · 9 AI score · 0.01706 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2022/03/31 4:15 p.m. · 9 views

CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

8.8 CVSS · 0.01706 EPSS
Exploits 1 · References 2
Prion
added 2022/03/31 4:15 p.m. · 20 views

Remote code execution

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

6.5 CVSS · 9 AI score · 0.01706 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/03/31 3:57 p.m. · 18 views

CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

9.3 AI score · 0.01706 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/03/29 12:0 a.m. · 2 views

PT-2022-18845 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier. Description: The issue allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkin...

6.5 CVSS · 6.2 AI score · 0.01764 EPSS
Exploits 0 · References 9
NVD
added 2022/03/25 7:15 p.m. · 12 views

CVE-2021-26620

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

7.5 CVSS · 0.01298 EPSS
Exploits 0 · References 1
Prion
added 2022/03/25 7:15 p.m. · 18 views

Authentication flaw

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

5 CVSS · 7.7 AI score · 0.01298 EPSS
Exploits 0 · References 1 · Affected Software 9
Cvelist
added 2022/03/25 6:2 p.m. · 20 views

CVE-2021-26620 IPTIME NAS2dual improper authentication vulnerability

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

7.5 CVSS · 7.9 AI score · 0.01298 EPSS
Exploits 0 · References 1
CVE
added 2022/03/25 6:2 p.m. · 82 views

CVE-2021-26620

The CVE-2021-26620 entry describes an improper authentication vulnerability in iptime NAS2dual. The issue allows remote attackers to access a shared folder and alter a user’s password due to insufficient authentication, enabling potential information leakage. Reported impacts include exposure of ...

7.5 CVSS · 7.8 AI score · 0.01298 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/03/25 12:0 a.m. · 4 views

EFM ipTIME C200 IP Camera Authorization Issue Vulnerability

EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. A security vulnerability exists in the EFM ipTIME C200 IP Camera that stems from a problem with shared folder authentication. A remote attacker can exploit the vulnerability by using...

7.5 CVSS · 7.4 AI score · 0.01298 EPSS
Exploits 0 · References 2